How Not to Onboard Fraudulent Customers: Minimizing Onboarding Risks with KYC and Fraud Prevention

You can have an amazing product or service, but without customers your offering won’t survive. In order to have access to your offering, new customers must be onboarded.

To make sure you have the right customers, their information needs to be validated. However, the more tests you have to validate customers, the higher the likelihood of customer abandonment – a.k.a. quitting the onboarding process before they’re finished.

Onboarding customers is a tricky process. Attracting a customer to sign-up is just the beginning.

Once they’ve signed-up, you must verify: 1) that they are real users, 2) that they are the owners of the information presented, 3) that they can do business with you AND 4) that they’re a good client for you to work with.

Getting the answers to these questions are at the heart of what we do at IdentityMind. So, how do you effectively onboard new clients? Well, it depends. As a rule of thumb, onboarding processes need to balance the customer’s experience and convenience with your risk and regulatory compliance requirements – keeping in mind that the end goal is to onboard as many customers as possible.

Technology plays a strategic role in helping you achieve those goals, efficiently and effectively. In our experience, the successful onboarding processes are the ones that layer both KYC tests and online fraud preventions rules, while balancing the friction in the onboarding process. IdentityMind works with hundreds of businesses to reduce the risk of onboarding new customers. Given our expertise in this area, we would like to share our insights. The following information will help you tailor your onboarding process. Use it wisely.

Customer Onboarding, a story best told in layers.

1. Analyze industry vs. types of fraud

Industry will help inform customer expectations, average profit margins per transaction, the volume and type of transactions, the associated risk, and the applicable regulations, to name a few. For example, the risk involved when an individual buys a digital good is very different than when a business wants to borrow $10,000 from an online lender.

It is important to consider the types of fraud most commonly associated with different industries. Not to say that a certain type of fraud will only occur in a specific industry, but having seen a tremendous amount of fraud attempts across our client base, there are certain evident correlations of fraud type per industry.

This relation between industries and types of fraud not only informs your onboarding operations, but also highlights the parameters that must be included when designing your onboarding process. Up next, you will find a non-exhaustive list of some of the industries we work with, and the types of fraud we commonly see associated with each.

To give you a bit more context into the graph, below are the definitions of each type of fraud:

Synthetic Fraud: Fake identity created using real information

Friendly Fraud: Real identity, but who issue chargebacks after the goods are delivered

Stolen Identity Fraud: Real identity that’s been stolen

Vulnerable Victim Fraud: Real identity of an individual vulnerable usually due to age or mental condition

High-Risk Individual: Individuals who are a higher risk of never paying

2. KYC Tests

In a pre-online environment these types of fraud were rare, but they are mainstays of today’s digital economy. The solution used to be Know Your Customer or KYC, because the customer standing in front of you was considered proof of their identity and lowered your perceived business risk.

However, in an increasingly online world, brick-and-mortar KYC is not an option. Thankfully, as customers have moved online, so have KYC tests. Below is a list of the most effective KYC tests to fight fraud – all available through our API:

Email validation

First Seen: When was the email first seen on the Internet or at other businesses

Risk associated with email address: The risk rating of the email address

Phone validation

SMS: Having clients insert a PIN code sent to the phone

Information: Confirming the name and address on account match the information submitted by the client

Address validation

Name: Ensuring there are public records of the individual or business

DOB: Confirming the customer’s DOB with the DOB listed on public records

Document validation

Document is valid

Facematch: Customers picture matches the picture in the document

Out of Wallet or Knowledge Based Authentication

Knowledge: Ensuring customer can answer questions about their life

Call in: Good customers who fail may call-in to dispute or question

TIN validation

SSN validation

EIN validation

These KYC tests are effective at preventing synthetic fraud and sometimes stolen identity fraud. However, think about how they would struggle to prevent Friendly fraud, Vulnerable Victim Fraud or High-Risk Individual Fraud. The traditional KYC tests cannot prevent fraud where the information is correct and it’s the people are bad.

3. Fraud Prevention Rules

The basis for using fraud prevention comes from preventing chargebacks in ecommerce. These rules are complementary to KYC to evaluate the risk of a user. The information required for the risk analysis is likely available from the onboarding session itself. This includes IP addresses, device fingerprinting, phone number, billing address, etc. It is unlikely you’ll require additional information.

The goal really is to make a risk assessment and decide if that level is tolerable. Listed below are some of the rules we see our clients use to measure the risk of a potential client:

Device

Proxy/VPN usage

IP/Computer timezone Mismatch

Velocity

Any shared characteristics reused within 1 hour

Any shared characteristics within 24 hours

Item

Time of order

SKU and item type

Account information

Recent changes to:

Address

Password

Reputation Analysis

Customer

Device

Payment Mechanism

Phone

Email Address

Address

Risk score

Analytics

Scoring every factor in the transaction for a total risk score

How we can help

What’s the best way to validate customers? It depends on the industry, profit margins per transaction, the volume and type of transactions, the associated risk, and the applicable regulations. However, we’ve seen that no matter
the industry what works best is a combination of KYC tests coupled with Fraud Prevention rules. IdentityMind uses advanced analytics to help clients create, set, and adjust the KYC tests and fraud rules necessary to safely onboard potential customers by ensuring they are who they say they are, and are good to work with.

In layering KYC tests and Online Fraud Prevention rules we’ve come up with a framework under our concept of Trusted Digital Identities. This framework was developed to help you design your onboarding process strategically, making the best use of the technology available, and it is part of our “Digital Identity Evaluation” Guide. It is a reflection of lessons learned through years of experience, and by working closely with our clients to grow their customer base while keeping identity fraud at bay. The Digital Identity Evaluation Guide is coming soon, sign up below to receive your copy as soon as we release it.